Feat: Port Groups in DNAT (#31)

* added portgroupid in DNATs

* fix dnat example

* fix dnat doc

docs/resources/nat.md

@@ -58,6 +58,24 @@ resource "netris_nat" "my_dnat" {
 }
 ```
 
+### DNAT W/ PORT GROUP
+
+```hcl
+resource "netris_nat" "my_dnat_with_port_group" {
+  name = "MY DNAT w/ PORT GROUP"
+  state = "enabled"
+  siteid = data.netris_site.santa-clara.id
+  action = "DNAT"
+  protocol = "tcp"
+  srcaddress = "0.0.0.0/0"
+  srcport = "1-65535"
+  dstaddress = "203.0.113.193/32"
+  portgroupid = netris_portgroup.my_portgroup.id
+  dnattoip = "10.10.10.60/32"
+  depends_on = [netris_subnet.my-subnet-common, netris_subnet.my-subnet-nat]
+}
+```
+
 ### ACCEPT (Excluding destination network from already defined SNAT Rule)
 
 ```hcl
@@ -89,8 +107,9 @@ resource "netris_nat" "my_snat_accept" {
 
 - **comment** (String) Custom comment for NAT rule
 - **dnattoip** (String) The internal IP address to which external hosts will gain access as a result of a DNAT translation. Only when action == `DNAT`
-- **dnattoport** (String) The internal port to which external port will gain access as a result of a DNAT translation. Only when action == `DNAT`
-- **dstport** (String) Match traffic destined to this port. Ignoring when protocol == `all` or `icmp`
+- **dnattoport** (String) The internal port to which external port will gain access as a result of a DNAT translation. Only when action == `DNAT`.  Ignoring when `portgroupid` is set
+- **dstport** (String) Match traffic destined to this port. Ignoring when protocol == `all` or `icmp`. Ignoring when `portgroupid` is set
+- **portgroupid** (Number) ID of a Port Group. Port Group will apply the list of ports to `dstport` and `dnattoport`. Only when action == `DNAT` and protocol == `tcp` or `udp`
 - **snattoip** (String) Replace the original address with the specified one. Only when action == `SNAT`
 - **snattopool** (String) Replace the original address with the pool of ip addresses. Only when action == `SNAT`
 - **srcport** (String) Match traffic sourced from this port. Ignoring when protocol == `all` or `icmp`

examples/nat_example.tf

@@ -27,6 +27,20 @@ resource "netris_nat" "my_dnat" {
   depends_on = [netris_subnet.my-subnet-nat]
 }
 
+resource "netris_nat" "my_dnat_with_port_group" {
+  name        = "MY DNAT w/ PORT GROUP"
+  state       = "enabled"
+  siteid      = netris_site.santa-clara.id
+  action      = "DNAT"
+  portgroupid = netris_portgroup.my_portgroup.id
+  protocol    = "tcp"
+  srcaddress  = "0.0.0.0/0"
+  srcport     = "1-65535"
+  dstaddress  = "203.0.113.193/32"
+  dnattoip    = "100.71.56.60/32"
+  depends_on  = [netris_subnet.my-subnet-nat]
+}
+
 resource "netris_nat" "my_snat_accept" {
   name       = "MY SNAT ACCEPT"
   state      = "enabled"

go.mod

@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
-	github.com/netrisai/netriswebapi v0.0.0-20231117212317-a03342828fd0
+	github.com/netrisai/netriswebapi v0.0.0-20231121004246-72bab01d3ef5
 
 )
 

go.sum

@@ -350,6 +350,10 @@ github.com/netrisai/netriswebapi v0.0.0-20231117010145-c9165834b295 h1:Uxkk7CA+5
 github.com/netrisai/netriswebapi v0.0.0-20231117010145-c9165834b295/go.mod h1:GLLz33Jc07/hIPwEYZDWEtNtHjX/QZjVzf9xLnfSiqs=
 github.com/netrisai/netriswebapi v0.0.0-20231117212317-a03342828fd0 h1:2UUfdAZHElyJjiFYPbMKnkWOo5RsKKDg0teODyDs+HU=
 github.com/netrisai/netriswebapi v0.0.0-20231117212317-a03342828fd0/go.mod h1:GLLz33Jc07/hIPwEYZDWEtNtHjX/QZjVzf9xLnfSiqs=
+github.com/netrisai/netriswebapi v0.0.0-20231120235021-98f558d6ea8c h1:okR8Cm68k06025z2DCd5ua9KWRieCexYENY0xA7fwvk=
+github.com/netrisai/netriswebapi v0.0.0-20231120235021-98f558d6ea8c/go.mod h1:GLLz33Jc07/hIPwEYZDWEtNtHjX/QZjVzf9xLnfSiqs=
+github.com/netrisai/netriswebapi v0.0.0-20231121004246-72bab01d3ef5 h1:H0MMXpuyLnpLPjJPMUmJcBmP8KKU1QYck9gSVEoDirM=
+github.com/netrisai/netriswebapi v0.0.0-20231121004246-72bab01d3ef5/go.mod h1:GLLz33Jc07/hIPwEYZDWEtNtHjX/QZjVzf9xLnfSiqs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=

netris/nat/nat.go

@@ -63,6 +63,11 @@ func Resource() *schema.Resource {
 				Type:         schema.TypeString,
 				Description:  "Rule action. Possible values: `DNAT`, `SNAT`, `ACCEPT_SNAT`, `MASQUERADE`",
 			},
+			"portgroupid": {
+				Optional: true,
+				Type:        schema.TypeInt,
+				Description: "ID of a Port Group. Port Group will apply the list of ports to Destination Port and DNAT to Port. Only when action == `DNAT` and protocol == `tcp` or `udp`",
+			},
 			"protocol": {
 				ValidateFunc: validateProto,
 				Required:     true,
@@ -91,7 +96,7 @@ func Resource() *schema.Resource {
 				Computed:    true,
 				Optional:    true,
 				Type:        schema.TypeString,
-				Description: "Match traffic destined to this port. Ignoring when protocol == `all` or `icmp`",
+				Description: "Match traffic destined to this port. Ignoring when protocol == `all` or `icmp`. Ignoring when `portgroupid` is set",
 			},
 			"dnattoip": {
 				Computed:     true,
@@ -104,7 +109,7 @@ func Resource() *schema.Resource {
 				Computed:    true,
 				Optional:    true,
 				Type:        schema.TypeString,
-				Description: "The internal port to which external port will gain access as a result of a DNAT translation. Only when action == `DNAT`",
+				Description: "The internal port to which external port will gain access as a result of a DNAT translation. Only when action == `DNAT`. Ignoring when `portgroupid` is set",
 			},
 			"snattoip": {
 				Computed:     true,
@@ -144,6 +149,7 @@ func resourceCreate(d *schema.ResourceData, m interface{}) error {
 	comment := d.Get("comment").(string)
 	siteID := d.Get("siteid").(int)
 	action := d.Get("action").(string)
+	portgroupid := d.Get("portgroupid").(int)
 	protocol := d.Get("protocol").(string)
 	srcaddress := d.Get("srcaddress").(string)
 	srcport := d.Get("srcport").(string)
@@ -160,6 +166,7 @@ func resourceCreate(d *schema.ResourceData, m interface{}) error {
 		Comment:            comment,
 		State:              state,
 		Site:               nat.IDName{ID: siteID},
+		PortGroup:          nat.PortGroup{ID: portgroupid},
 		Protocol:           protocol,
 		SourceAddress:      srcaddress,
 		SourcePort:         srcport,
@@ -241,6 +248,10 @@ func resourceRead(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	}
+	err = d.Set("portgroupid", nat.PortGroup.ID)
+	if err != nil {
+		return err
+	}
 	err = d.Set("protocol", nat.Protocol.Value)
 	if err != nil {
 		return err
@@ -271,11 +282,9 @@ func resourceRead(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	}
-	if !(nat.DnatToPort == 0 && d.Get("dnattoport").(string) == "") {
-		err = d.Set("dnattoport", strconv.Itoa(nat.DnatToPort))
-		if err != nil {
-			return err
-		}
+	err = d.Set("dnattoport", nat.DnatToPort)
+	if err != nil {
+		return err
 	}
 	err = d.Set("snattoip", nat.SnatToIP)
 	if err != nil {
@@ -297,6 +306,7 @@ func resourceUpdate(d *schema.ResourceData, m interface{}) error {
 	comment := d.Get("comment").(string)
 	siteID := d.Get("siteid").(int)
 	action := d.Get("action").(string)
+	portgroupid := d.Get("portgroupid").(int)
 	protocol := d.Get("protocol").(string)
 	srcaddress := d.Get("srcaddress").(string)
 	srcport := d.Get("srcport").(string)
@@ -314,6 +324,7 @@ func resourceUpdate(d *schema.ResourceData, m interface{}) error {
 		Comment:            comment,
 		State:              state,
 		Site:               nat.IDName{ID: siteID},
+		PortGroup:          nat.PortGroup{ID: portgroupid},
 		Protocol:           protocol,
 		SourceAddress:      srcaddress,
 		SourcePort:         srcport,